This Mailismus component implements a POP3 server (Post Office Protocol v3).

The POP server requires the Message-Store (see section §4.2) and Directory subsystems to be configured.
The only Directory config file it's concerned with is the users file (see section §4.10.1), which defines the login credentials for POP clients.

Mailismus supports the following optional POP3 commands and extensions:
USER, PASS, APOP, TOP, UIDL, CAPA, AUTH (Plain, CRAM-MD5 & External), STLS, PIPELINING.

4.8.1 - Task Config

The top-level config of the POP server task is outlined below.

<pop3server>
    <listeners>
        <listener name="POP3">
            <server>
                ...
            </server>
            <ssl ... />
        </listener>
    </listeners>
</pop3server>

4.8.2 - Listener

The Listener is a generic NAF component that is documented in the NAF Guide (see §7 there).
The POP3 server typically only has one Listener, listening on the standard POP3 port of 110, but you may however choose to run separate listeners, eg. on ports 110 and 995 (pure SSL).

Note the following aspects of the POP3 listener:
• It's port attribute need not be specified, since in this context, it defaults to the standard POP3 ports of 110 or 995, depending on SSL mode.
   Of course if there is more than one listener, you will have explicitly specify another port on the others.
• Likewise the server's class attribute is omitted, as it defaults to the Mailismus POP3-Server class.

The optional SSL config block is also a generic NAF facility (see NAF Guide, section §8) and the only thing left to add here is the treatment of its latent and mandatory attributes in the context of the POP3 Server.
Note that Mailismus supports the POP3 STLS extension, whereby a client may switch to SSL mode after establishing the connection.

• If latent is set to its default value of False, then connections will be established in SSL mode to start with.
  If True, then Mailismus will advertise its support of the STLS extension, and will switch to SSL mode if the remote client asks it to.
  If the client does initiate an upgrade to SSL mode, it must do so before authenticating.
• If mandatory is set to True, then the POP Server will reject any attempts to authenticate until the connection is switched to SSL.
  If False, then the client is not required to switch to SSL. It is up to the client to decide.

4.8.3 - POP Server

The server's config block is listed below, with largely default values.

<server>
    <transcript>%DIRLOG%/transcripts/pop3server-%DT%.log</transcript>
    <greet>Mailismus POP3 Ready</greet>
    <authtypes>USERPASS | APOP | SASL_PLAIN | SASL_CRAM_MD5 | SASL_EXTERNAL</authtypes>
    <authtypes_ssl>SASL_EXTERNAL | SASL_PLAIN</authtypes_ssl>
    <timeout>2m</timeout>
    <expire>-1</expire>
</server>

transcript
This file records a transcript of the POP3 protocol dialogue.
This config item supports the same attributes as the GreyLog loggers (rotation, buffering, etc - see GreyLog Guide).
This setting has no default and transcripts will be turned off if it is omitted.

greet
This specifies the greeting message which the POP server issues in response to new connections.
The default is as illustrated above.

authtypes
This specifies the authentication methods which clients are allowed to use (as advertised by the POP3 CAPA command) and defaults to the full set of supported mechanisms as illustrated above.
The USERPASS option refers to POP3's built-in USER and PASS commands.

The SASL-External mechanism is only relevant if SSL is in effect, and requires the client to supply its own X.509 certificate.
The certificate's Common-Name attribute is taken as the username, and the existence of this username in our Directory is sufficient to authenticate the client.

The special value all means All and is equivalent to omitting this config item (as that is the default).
The special value - means None, and prevents any users from logging in (although in that case, you might as well turn off your POP3 server!)

authtypes_ssl
This specifies the login methods which are only allowed in SSL mode, and is thus always a subset of the methods in the authtypes config item.
If SSL capability is not configured, then this defaults to SASL_EXTERNAL, ie. only SASL-External is forbidden (since it makes no sense in the absence of a certificate).
If SSL capability is configured and is mandatory (ie. connections are initially established in SSL mode), then this config item is superfluous, and defaults to being the same as authtypes.
If SSL capability is configured but latent (ie. the client has to explicitly switch to SSL mode via the POP3 STLS command), then this setting defaults to SASL-Plain and SASL-External, as illustrated above.

The special value all means all the login methods are restricted to SSL mode only, ie. no logins are permitted in non-SSL mode.
The special value - means None, ie. none of the login methods are restricted to SSL mode (though it still makes no sense for SASL-External, which will fail anyway without a certificate).

timeout
This specifies the idle timeout.
Defaults to 2 minutes.

expire
This specifies the message-retention period (in days), as advertised by the CAPA command's EXPIRE response.
It defaults to -1 which means NEVER.
The only setting enforced by Mailismus is 0 (zero), in which case it will delete all downloaded messages at the end of the session.
All other values are merely intended as advisory information for the users, and you will have to purge old messages from the server by some other means, external to Mailismus.

Note that the expire setting merely refers to server-side message deletion, and doesn't necessarily mean messages don't get deleted. The expectation is that POP clients delete messages by default anyway, after downloading them.